Bringing Contactless Payment to All Wearables With ST and Fidesmo

December 11, 2018

Making a wearable with payment functionality is now easier than ever thanks to our new partnership with Fidesmo, a Swedish Trusted Service Manager (TSM) that implements an over-the-air personalization/tokenization system that allows NFC devices to replace a bank card for contactless transactions.

Thanks to this partnership, manufacturers can use our system-in-package STPay-Boost-F to offer payment features in all sorts of wearables, from smartwatches to pieces of jewelry, such as the Smart Barakà that recently got attention for its implementation of our SensorTile. Indeed, the STPay-Boost comprises an ST31 ARM SC000 secure microcontroller and the STS3922 NFC Booster, thus taking care of all the hardware needs. It also comes with our STPay-Tiger, an operating system designed to handle wireless financial transactions that, therefore, implements all the security measures necessary for payment applications. However, manufacturers still needed to go through a TSM to allow their customers to actually pay with their credit card through the wearable. STPay-Boost-F is thus an evolution of STPay-Boost that adds the over-the-air post-issuance service by Fidesmo.

OTA Tokenization by Fidesmo

When smartphones started offering contactless payment features, their makers had to adapt their assembly lines to guarantee the installation of a secure system. Additionally, they had to make specific agreements with financial institutions because banks and other similar establishments were handling the tokenization step for the cards they were issuing. When a customer places a mobile phone with a wireless module on a point-of-sale to make a payment, the financial institution issues a token that enables the transaction without revealing the actual account details of the user, thus significantly increasing the process’s overall security. Hence, if someone hacks the merchant’s payment system, the token they will acquire is no longer valid and they cannot trace it back to the customer. The ability to personalize mobile transactions through an over-the-air system is thus absolutely critical.

As a Trusted Service Manager, Fidesmo is part of the solution as it enables companies to benefit from Over-the-Air (OTA) personalization, meaning that wearables can receive the necessary token through the TSM’s cloud service. The Swedish company thus acts as a middleman between the card issuer and the wearable manufacturer. The former defines a service that enables the creation of an OTA token while the latter uses this OTA personalization mechanism to offer contactless payment features. For instance, Fidesmo integrates the MasterCard Digital Enablement Service (MDES), a development platform offering APIs that enable developers to request and use tokens. Jewelers or accessory specialists can thus use our hardware and Fidesmo’s solution to benefit from MDES and provide contactless payment without investing in special and expensive equipment, changing their manufacturing processes, or paying for particular expertise and manpower.

A Complete Solution With ST

Wearables are taking over physical credit cards

To be able to offer a turnkey solution, ST and Fidesmo had to work closely together. Indeed, our STPay-Boost hardware and software already meet the security requirements from card issuers, but we also had to implement the necessary features that allow the TSM to integrate its various security schemes. For instance, we worked on the creation of secondary security domains, which enable the creation of secure channels to segregate the data and systems that interact with the System-on-Chip.

If we look at a smart bracelet that tracks motion and physical data, among other things, the presence of a secondary security domain would allow an external service provider to populate secret keys in the embedded application to enable the secure exchange of the user’s data later on. Hence, the payment applications would use a different secondary security domain than the health tracking software to guarantee the integrity and confidentiality of the personalization process.

We also worked with Fidesmo to enable specific commands that we didn’t offer previously and to define device identifiers that only they could recognize to provide relevant services. All this work is particularly valuable for wearable manufacturers because it means they don’t have to do it themselves. Indeed, because we bake Fidesmo’s OTA tokenization system into the final solution, we move the personalization away from the manufacturing lines. The end users simply ask for a token when they populate their device with their tokenized credit card information. The system uses their smartphone or another terminal to connect to Fidesmo’s cloud and generate the personalized card that will enable the transaction at the merchant’s level.

The Rest Is Catching Up

This partnership with Fidesmo also highlights a discrepancy within the industry because some of our innovations are ahead of their time. For instance, many wearable manufacturers are attracted to our STPay-Boost-F because its size and features open the door to a new type of wearable. Many consumers dream of ditching their wallet and manufacturers know that we offer the hardware and operating system to enable that. On the other hand, some card issuers still don’t have their own version of MasterCard’s service and working with TSMs takes time. Fidesmo is our first partner, but certainly not our last as we strive to open our platform to more companies and to make it easier for wearable makers to offer payment features. The good news is that we are already prepared for what’s coming next.